Security???
Authored by: ScooterComputer on Nov 18, '02 01:36:26PM

Does this hint beg the question: Isn't this a security risk?
I mean, if any disk image/CD can fire AppleScripts upon insertion, what is to stop an embedded script from pulling a dreaded 'do shell script "rm -R ~"'?

Most of your home dir would be nuked before you knew what happened!

And I thought the fact that Apple's Installer doesn't run in a sandbox was bad (everyone does realize that Installers can run pre- and post-install/upgrade scripts as root and DO ANYTHING, as long as you have authorized prior to the install). Apple needs to start doing some security housecleaning and documenting FAST. Otherwise they are going to have a mess on their hands.



Security???
Authored by: mervTormel on Nov 18, '02 01:54:35PM


i agree. this has always seemed, to me, an exploit just waiting to get legs.



Security???
Authored by: mahakali on Jan 06, '03 04:10:10AM
I tried it; it wouldn't run for some reason. I made a doc on my desktop, "rm.txt", and an image, then attached this script to the mounted volume: do shell script "rm -f ~/Desktop/rm.txt". I unmounted it and mounted it back again. Nothing happened.

Security???
Authored by: Jaharmi on Dec 04, '03 03:01:07PM

I'm not sure that "do shell script" runs scripts as your user, or even in your normal shell. There's a TechNote about "do shell script" and how it works on the Apple Developer site.


